praveenkumar@zohocorp.com

AD Domain Services Directory Objects & Identity Data

Aging analysis of user accounts

September 17, 2025

Aging Analysis of User Accounts A first-principles approach to reducing access risk, cleaning identity sprawl, and improving audit readiness. What “aging analysis” means: Aging analysis is the practice of classifying user accounts by time-based signals (e.g., last sign-in, last password change, time since creation, and time since last entitlement…

Alerting on 'password never expires' violations

September 17, 2025

Alerting on “Password Never Expires” Violations (Active Directory) This article explains what the “Password never expires” setting actually means in Active Directory, why it is risky, and how to build reliable detection and alerting with minimal noise. Why this matters? A password is a shared secret. Over time, shared secrets…

Cleanup automation using Lepide/Netwrix insights

September 17, 2025

Cleanup Automation Using Lepide and Netwrix Insights “Cleanup” in Active Directory (and adjacent systems like file servers and M365) is rarely a one-time task. It’s an operating model: continuously detect what’s stale or risky, validate it, apply a controlled action, and prove you didn’t break anything. The easiest way to get this right is to turn audit and activity…

Cross‑forest account sync and SIDHistory handling

September 17, 2025

Cross-forest account sync and SIDHistory handling Cross-forest account synchronization is what keeps access working when identities move between Active Directory forests. SIDHistory is the bridge that lets the new account carry the old identity’s rights without forcing a mass re-ACL of your entire estate. It is simple in concept, but unforgiving in…

Detecting unmanaged accounts via group audit

September 17, 2025

Detecting unmanaged accounts via group audit: advanced comparison guide for AD, Entra, SIEM, and PAM Detecting unmanaged accounts via group audit means using group membership changes and “who got added where” telemetry to surface identities that operate outside expected governance: accounts not onboarded to PAM, not tied to HR/ITSM ownership, not covered by standard…

LDAP vs PowerShell for modified account reporting

September 17, 2025

LDAP vs PowerShell for modified account reporting Modified account reporting in Active Directory sounds simple: “Show me which users changed recently.” In practice, it’s one of those tasks where the tool choice quietly determines whether you get a trustworthy report or an expensive spreadsheet of lies. The debate often gets framed as LDAP vs…

Risk-based lockout policy tuning

September 17, 2025

Risk-based lockout policy tuning: Cloud vs on-prem comparisons, deep mechanics, and technical implementation Risk-based lockout policy tuning is the practice of adjusting lockout behavior based on the assessed risk of an authentication attempt, rather than relying on a fixed “X failed passwords = lockout” rule. The goal is simple: slow attackers down hard while keeping…

Assign home folders dynamically with scripts

September 17, 2025

A user home folder sounds simple: “give each person a private network location and map it as H:”. In real environments, that “simple” choice becomes a long-running system: identity meets storage, permissions, audits, migrations, quotas, backups, and incident response. That is why assigning home folders dynamically with scripts is not just a convenience trick—it is a…

How to automate deletion detection with Recycle Bin

September 17, 2025

Automating deletion detection in recycle bin: expert guide for Windows cleanup at scale The Windows recycle bin was designed as a safety buffer, not a data retention system. Yet in many environments it becomes exactly that: a quiet holding pen for sensitive documents, large installers, and “temporary” files that never get revisited. The modern problem is…

Elementor #6569

September 12, 2025

Webinar: Modern AD Ops — Registration WAD • Live Webinar Intro Agenda Register FAQ …

Arun Kumar

Aging analysis of user accounts

Alerting on 'password never expires' violations

Cleanup automation using Lepide/Netwrix insights

Cross‑forest account sync and SIDHistory handling

Detecting unmanaged accounts via group audit

LDAP vs PowerShell for modified account reporting

Risk-based lockout policy tuning

Assign home folders dynamically with scripts

How to automate deletion detection with Recycle Bin

Elementor #6569

Featured Posts

What is Azure Data Factory (ADF)?

How to demote a Domain Controller: A step-by-step guide

Healthcare data Breaches down almost 50 percent in the first month of 2021

Popular with Readers

Active Directory Users and Computers (ADUC) - An introduction and installation guide

Active Directory Sites

Active Directory Password Policy

Recently Added

ADUC: Complete Guide to Active Directory Users and Computers for Windows Server Admins

How to deploying network settings with GPO

How to redirect Documents and Desktop via GPO

ManageEngine among notable vendors in Forrester's report

5 ways to mitigate the rising threat of identity sprawl

6-step guide to Enhance Hybrid IT Security

SysAdmin Toolkit

Group Policy Guide

Arun Kumar

Featured Posts

Popular with Readers

Recently Added